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CLAIMS 

1\ A method for managing access to a shared resource by a plurality of devices 
that are coupled to the shared resource via a network, the method including acts of: 

(a) ^ in response to a non-media access request by a first of the plurality of devices 
to a logical device at the shared resource for which the first device has no data access 
privileges, determining whether the first device is authorized to have non-media access to the 
logical device^and 

(b) authorizing the non-media access request when it is determined in the act (a) 
that the first device is authorized to have non-media access to the logical device. 



2. The method of claim 1, further including an act of: 

(c) denying the non-media access request when it is determined in the act (a) that 
the first device is not authorized to have non-media access to the logical device. 



15 



3. The method of claim 2, wherein the act (c) includes an act of: 

1 

ignoring the non-media access request. 



25 



30 



4. The mjethod of claim 2, wherein the act (b) includes an act of: 

forwarding the non-media access request to a physical device corresponding to the 



20 logical device. 



5. The method of claim 1, wherein the non-media access request is an 
availability request to determine an availability of the logical device, and wherein the act (b) 
includes an act of: 

forwarding the availability request to a physical device corresponding to the logical 



device. 



6. The mfethod of claim 1, further including acts of: 

(c) in response to a data access request by the first device to the logical device, 
determining whether t le first device has data access privileges to the logical device; and 

(d) authorizing the data access request when it is determined in the act (c) that the 
first device has data access privileges to the logical device. 
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Tjhe method claim 6, further including an act of: 

denying the data access request when it is determined in the act (c) that the 
first device has noidata access privileges to the logical device. 



7. 

(e) 



8. Thetnethod of claim 1, wherein the acts (a) and (b) are performed by a filter 
that controls access to a plurality of logical devices at the shared resource, the method further 
including an act of: ^ 

(c) maintaining, in a data structure accessible to the filter, configuration 
information corresponding to the first device, the configuration information including; 

(1) firsj configuration information identifying each of the plurality of logical 
devices to whic|i data access by the first device is authorized; and 

(2) whether non-media access is authorized to each of the plurality of logical 
devices for which the first configuration information identifies that no data access is 
authorized for the first device. 



9. The method of claim 8, wherein the act (a) includes an act of: 

\ 

examining the configuration information corresponding to the first device to 
determine whether the first device is authorized to have non-media access to the logical 
device. 



10. The method of claim 1, wherein the acts (a) and (b) are performed by a filter 
that controls access to a plurality of logical devices at the shared resource, the method further 
including an act of: 

(c) maintaining, m a data structure accessible to the filter, configuration 
information corresponding totthe first device, the configuration information identifying; 

(1) each of thevplurality of logical devices to which data access by the first 
device is authorized; and 

(2) each of the plurality of logical devices to which non-media access by the 
first device is authorized. 

11. The method of claim 1, further including an act of: 
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(c) determining whether an access request by the first device is one of a data 
access request and a non-media access request. 




The method of claim 1, wherein the shared resource is a storage system; 
wherein the act (a) includes an act of, in response to the non media access request by 
the first device to a logical volume of data at the storage system for which the first device has 
no data accessjprivileges, determining whether the first device is authorized to have non- 
media access to the logical volume; and 
I 

wherein the act (b) includes an act of authorizing the non media access request when 
it is determined|in the act (a) that the first device is authorized to have non-media access to 
the logical volume. 



13. The method of claim 12, wherein the acts (a) and (b) are performed by the 
storage system. 

14. Thelmethod of claim 12, wherein the acts (a) and (b) are performed outside of 
the storage system, t 

15. A method for managing access to a storage system by a plurality of devices 
that are coupled to the|Storage system via a network, the storage system including a plurality 
of logical volumes of data, the method including acts of: 

(a) maintai ling, in a data structure that is accessible to a filter that controls access 



to each of the plurality 
volume of the plurality 



of logical volumes, configuration information identifying each logical 
of logical volumes to which data access by a first device of the 



niyi o 

plurality of devices is authorized; 

(b) in response to a non-media access request by the first device to a first logical 
volume for which the firlst device has no data access privileges, determining whether the first 

device is authorized to have non-media access to the first logical volume; and 

1 

(c) authorizing the non-media access request when it is determined in the act (b) 
that the first device is authorized to have non-media access to the first logical volume. 



16. 



The method of claim 15, further including an act of: 
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(d) denying the non-media access request when it is determined in the act (b) that 
the first device is not authorized to have non-media access to the first logical volume. 



17. The method of claim 16, wherein the act (c) includes an act of: 
forwardingjthe non-media access request to a physical device corresponding to the 
first logical volume. 



18. . The method of claim 15, wherein the act (c) includes an act of: 

.i . . 

forwarding the non-media access request to a physical device corresponding to the 
10 first logical volume 

19. The method of claim 15, further including acts of: 

I 

(d) in response to a data access request by the first device to the first logical 
volume, determining whether the first device has data access privileges to the first logical 

15 volume; and 

(e) authorizing the data access request when it is determined in the act (d) that the 
first device has data access privileges to the first logical volume. 



20 



25 



20. The method claim 19, further including an act of: 

(f) denying the data access request when it is determined in the act (d) that the 



first device has no data 



access privileges to the first logical volume. 



21 . The method of claim 1 5, wherein the filter is in the storage system and 
wherein the acts (a), (tj), and (c) are performed by the storage system. 

22. The method of claim 15, wherein the filter is outside of the storage system, 
and wherein the acts (al (b) 5 and (c) are performed outside of the storage system. 



30 



23. The method of claim 15, further including an act of: 
(d) determining whether an access request by the first device is one of a data 
access request and a nor -media access request. 
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24. Tihe method of claim 15, wherein the non-media access request is an 
availability request to determine an availability of the first logical volume, and wherein the 
act (c) includes an act of: 

\ 

forwarding the availability request to a physical storage device corresponding to the 
first logical volume. 



25. The method of claim 15, wherein the act (a) includes an act of: 
maintaining, in the data structure that is accessible to the filter, configuration 

information that includes first configuration information identifying each logical volume of 
the plurality of logical volumes to which data access by the first device is authorized and 
second configuratic n information identifying whether non-media access is authorized to each 
of the plurality of logical volumes for which the first configuration information identifies that 
no data access is authorized for the first device. 

26. The method of claim 25, wherein the act (b) includes an act of: 
examining the second configuration information to determine whether the first device 

is authorized to have non-media access to the first logical volume. 



27. 



The 



method of claim 15, wherein the act (a) includes an act of: 



maintaining, in the data structure that is accessible to the filter, configuration 
information that identifies each logical volume of the plurality of logical volumes to which 
data access by the first device is authorized and each of the plurality of logical volumes to 
which non-media access by the first device is authorized. 



28. An apparatus for use in a computer system including a plurality of devices, a 



shared resource, and 



i network that couples the plurality of devices to the shared resource, 



the apparatus comprising: 

an input to be coupled to the network; and 

at least one filter, coupled to the input, that is responsive to a non-media access 
request by a first of the plurality of devices to a logical device at the shared resource for 
which the first device has no data access privileges, to determine whether the first device is 
authorized to have non-lmedia access to the logical device, and to authorize the non-media 
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access request when it is determined that the first device is authorized to have non-media 
\ 

access to the logical device. 

29. The apparatus of claim 28, wherein when it is determined that the first device 
5 is not authorizedjjto have non-media access to the logical device, the at least one filter denies 
the non-media access request. 



30. The apparatus of claim 29, wherein the shared resource includes a plurality of 
storage devices coipled to the at least one filter, and wherein when it is determined that the 
10 first device is authorized to have non-media access to the logical device, the at least one filter 
forwards the non-media access request to a storage device corresponding to the logical 
device. 



3 1 . The apparatus of claim 28, wherein when it is determined that the first device 
tuthorized to have non-: 
the non-media access request. 



15 is not authorized to have non-media access to the logical device, the at least one filter ignores 



32. The apparatus of claim 28, wherein: 

the shared resource includes a plurality of storage devices coupled to the at least one 
20 filter; \ 

the non-media access request is an availability request to determine an availability of 
the logical device; and 

when it is determined that the first device is authorized to have non-media access to 
the logical device, the atj least one filter forwards the request to a storage device 
25 corresponding to the logical device. 



33. The apparatus of claim 28, wherein in response to a data access request by the 
first device to the logical clevice, the at least one filter determines whether the first device has 
data access privileges to the logical device; 
30 wherein the at least one filter authorizes the data access request when it is determined 

that the first device has data access privileges to the logical device; and 
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wherein tfie at least one filter denies the data access request when it is determined that 
the first device hasuio data access privileges to the logical device. 

34. The apparatus of claim 28, wherein the apparatus further comprises: 
5 a data structure, accessible to the at least one filter, that stores configuration 

information corresponding to the first device that includes first configuration information 
identifying each of a plurality of logical devices at the shared resource to which data access 
by the first device is authorized, and second configuration information identifying whether 
non-media access is authorized to each of the plurality of logical devices for which the first 
10 configuration information identifies that no data access is authorized for the first device. 

35. The apparatus of claim 34, wherein the at least one filter examines the second 
configuration information corresponding to the first device to determine whether the first 
device is authorized to have non-media access to the logical device. 

15 

36. The apparatus of claim 28, wherein the apparatus further comprises: 
a data structure, Iccessible to the at least one filter, that stores configuration 

information corresponding to the first device that identifies each of a plurality of logical 
devices at the shared resource to which data access by the first device is authorized and each 

\ 

20 of the plurality of logical pevices to which non-media access by the first device is authorized. 



\ 



37. The apparatus of claim 28,- wherein in response to an access request by the 
first device to the logical device, the at least one filter examines the access request to 
determine whether the access request is one of a data access request and a non-media access 

25 request. 

38. The apparatus of claim 28, wherein the shared resource is a storage system; 
wherein the logical aevice is a logical volume of data stored at the storage system; 

and | 
30 wherein in response J:o the non media access request by the first device to the logical 

volume of data at the storage system for which the first device has no data access privileges, 
the at least one filter determines whether the first device is authorized to have non-media 



15 
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f 

access to the logical volume, and authorizes the non media access request when it is 
determined that the first device is authorized to have non-media access to the logical volume. 



\ 



39. The apparatus of claim 38, in combination with the storage system, wherein 
5 the at least one filter and the input each is disposed within the storage system. 

I 

40. The apparatus of claim 38, further comprising: 

a data structure, accessible to the at least one filter, that stores configuration 
information corresponding to the first device that includes first configuration information 
10 identifying each of a plurality of logical volumes of data stored at the storage system to which 
data access by the first jdevice is authorized, and second configuration information identifying 
whether non-media access is authorized to each of the plurality of logical volumes for which 
the first configuration information identifies that no data access is authorized for the first 



device. 



41 . The apparatus of claim 40, in combination with the storage system, wherein 
the at least one filter, the\nput, and the data structure each is disposed within the storage 
system. 



20 42. The apparatus of claim 38, wherein the at least one filter and the input each is 

disposed outside of the storage system. 

t 
t 
* 

43. A computer readable medium, comprising: 

a data structure relating to access management by a plurality of network devices to 

25 data stored on a plurality of^ logical devices of a shared resource, the data structure including 

a plurality of records each corresponding to one of the plurality of network devices, a first 

\ 

record of the plurality of records corresponding to a first of the plurality of network devices 

and including configuration information identifying each logical device of the plurality of 

logical devices to which data access by the first network device is authorized, the first record 

\ 

30 further including visibility information identifying whether the first network device is 

authorized to have non-media access to a first logical device of the plurality of logical 

\ 

devices when the configuration information corresponding to the first network device 
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identifies that no data access to the first logical device from the first network device is 
authorized.) 



44. uTie computer readable medium of claim 43, wherein the first record further 
includes visibility information identifying whether the first network device is authorized to 
have non-media\access to each logical device of the plurality of logical devices when the 
configuration information corresponding to the first network device identifies that no data 
access to at least i>ne of the plurality of logical devices is authorized. 

45. The computer readable medium of claim 43, wherein each respective record of 
the plurality of records includes configuration information identifying each logical device of 
the plurality of logical devices to which data access by a respective network device is 
authorized, each respective record further including visibility information identifying whether 
the respective netwLrk device is authorized to have non-media access to each logical device 
of the plurality of logical devices. 



46. The computer readable medium of claim 43, wherein each respective record of 
the plurality of records includes configuration information identifying each logical device of 



the plurality of logical devices to which data access by a respective network device is 
authorized, each respective record further including visibility information identifying whether 
the respective network device is permitted to have non-media access to a respective logical 
device of the plurality of logical devices when the configuration information identifies that no 
data access to the respective logical device from the respective network device is authorized. 



47. The computer readable medium of claim 43, in combination with the shared 
resource, wherein thelshared resource is storage system, and wherein the computer readable 
medium is a storage device of the storage system. 

48. An apparatus for use in a computer system including a plurality of devices, a 
storage system, and a network that couples the plurality of devices to the storage system, the 
apparatus comprising: 

an input to be coupled to the network; 



% 
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a' data structure that stores configuration information identifying each logical volume 
of data df a plurality of logical volumes of data stored on the storage system to which data 
access b^a first device of the plurality of devices is authorized; and 

at Last one filter, coupled to the input, that is responsive to a non-media access 
request by a first of the plurality of devices to a first logical volume of data of the plurality of 
logical volumes of data for which the first device has no data access privileges, to determine 
whether the first device is authorized to have non-media access to the first logical volume of 
data, and to authorize the non-media access request when it is determined that the first device 
is authorizedtto have non-media access to the first logical volume of data. 



49. 1 The apparatus of claim 48, wherein when it is determined that the first device 
is not authorized to have non-media access to the first logical volume of data, the at least one 
filter denies tile non-media access request. 



50. The apparatus of claim 49, wherein the storage system includes a plurality of 

storage devices coupled to the at least one filter, and wherein when it is determined that the 

\ 

first device is authorized to have non-media access to the first logical volume of data, the at 

1 

least one filter forwards the non-media access request to a storage device corresponding to 

\ 

the first logical volume of data. 
20 \ 

5 1 . The apparatus of claim 48, wherein when it is determined that the first device 
is not authorized to have non-media access to the first logical volume of data, the at least one 
filter ignores the non-media access request. 



25 52. The apparatus of claim 48, wherein in response to a data access request by the 

first device to the first logical volume of data, the at least one filter determines, based upon 

I 

the configuration information stored in the data structure, whether the first device has data 
access privileges to the first logical volume of data; 

wherein the at least one filter authorizes the data access request when it is determined 
30 that the first device has data access privileges to the first logical volume of data; and 

wherein the atjleast one filter denies the data access request when it is determined that 
the first device has no data access privileges to the first logical volume of data. 
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53. T^ie apparatus of claim.48, wherein the configuration information stored in the 
data structure further identifies whether non-media access by the first device is authorized for 

1 

each of the plurality of logical volumes of data stored on the storage system. 

j 

54. The apparatus of claim 48, wherein the configuration information stored in the 
data structure is first configuration information, the data structure further including second 

configuration infoimation that identifies whether non-media access is authorized to each of 

I 

the plurality of logical volumes of data for which the first configuration identifies that no data 
10 access is authorized for the first device. 



55, Tlie apparatus of claim 54, wherein the at least one filter examines the second 
configuration information to determine whether the first device is authorized to have non- 
media access to the logical device. 



15 



! 

ij 

56. Tlie apparatus of claim 48, wherein in response to an access request by the 

jj 

first device to thejfirst logical volume of data, the at least one filter examines the access 
request to determine whether the access request is one of a data access request and a non- 
media access request. 



20 

57. The apparatus of claim 48, in combination with the storage system, wherein 
the at least one filter, the input, and the data structure each is disposed within the storage 
system. / 

f 

I 

25 58. Thejapparatus of claim 38, wherein the at least one filter, the data structure, 

and the input each is disposed outside of the storage system. 

1 

59. The apparatus of claim 48, in combination with the storage system, wherein 

s 

the at least one filtefi and the input each is disposed within the storage system, and wherein 

I 

30 the data structure is disposed outside of the storage system. 



60. A storage system, comprising: 



t 
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a plurality of storage devices that store a plurality of logical volumes of data; 
a d^ta structure to store configuration information identifying whether a first network 
device of a plurality of network devices that are coupled to the storage system is authorized to 
access data on a first logical volume of the plurality of logical volumes; and 

a filter, responsive to the configuration information stored in the data structure, to 
selectively forward non-media access requests from the first network device to the first 
logical volumi when the configuration information identifies that no data access to the first 
logical volume from the first network device is authorized. 



61. 

non-media acci 



The storage system of claim 60, wherein the filter selectively forwards the 
ss request from the first network device to at least one of the plurality of 
storage deviceslthat corresponds to the first logical volume when the configuration 
information identifies that no data access to the first logical volume from the first network 
device is authorized. 

62. The storage system of claim 60, wherein the configuration information further 
identifies whether the first network device is authorized to have non-media access to the first 
logical volume wpen no data access to the first logical volume from the first network device 
is authorized. 



63. 



The 



storage system of claim 62, wherein the filter forwards non-media access 
requests from the first network device to the first logical volume when the configuration 
information identifies that non-media access by the first network device to the first logical 
volume is authorized, and denies the non-media access request from the first network device 
to the first logical volume when the configuration information identifies that non-media 
access by the first network device to the first logical volume is not authorized and that no 
data access to the first logical volume from the first network device is authorized. 



30 



64. The storage system of claim 63, wherein the filter, in response to an access 
request from the first network device to the first logical volume for which the configuration 
information identifies that no data access is authorized, examines the access request to 
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determine whether the access request is one of a data access request and a non-media access 
request. 



65. The storage system of claim 60, wherein the filter, responsive to the 
configuration information stored in the data structure, forwards access requests from the first 
networlc^device to at least one of the plurality of storage device corresponding to the first 
logical volume when the configuration information identifies that data access to the first 
logical volume from the first network device is authorized. 

i 

66. \ The storage system of claim 60, wherein the data structure includes a plurality 
of records each corresponding to a respective one of the plurality of network device, each of 
the pluralit^ of records including first configuration information identifying each of the 
plurality of logical volumes to which data access by the respective one of the plurality of 
network de\ices is authorized, and second configuration information identifying whether 
non-media access to each of the plurality of logical volumes by the respective one of the 
plurality of network devices is authorized for which the first configuration information 



identifies tha 
authorized. 



no data access by the respective one of the plurality of network device is 



